Swiss Vpn Leaving ports open

Discussion in 'privacy technology' started by mike70sk, Jul 23, 2012.

Thread Status:
Not open for further replies.
  1. mike70sk

    mike70sk Registered Member

    Joined:
    Jul 23, 2012
    Posts:
    36
    Location:
    Canada
    Hi, I have been using SwissVPN for P2P for about 6 months now. Yesterday I did a GRC port scan; first I ran it with the VPN off. Everything was stealth, but port 1 and port 2 were closed.

    Then I ran the same test with SwissVPN, with and without their firewall, and I was astonished to see that it knew the name of my PC and my home network name, and that it accepted an anonymous connection from another machine. It also said to "unbind" the "File and Printer Sharing", but I use a media server.

    So I ran the full scan, and port 135 (DCOM Service Control Manager) and port 139 (netbios-ssn) are open, as well as 554 (Real Time Stream Control Protocol).

    Sorry to bombard you with questions.

    Is this normal to have these ports open when using a VPN?

    Do all VPNs do this?

    I thought NetBIOS was the port people use to hack into your computer?

    Is it possible somebody has already hacked into my computer and added and removed files?

    Is there a way for me to close these ports via Windows Firewall or my router without affecting the performance of my VPN? Is it possible they can close them?

    Thank you for reading all this. I'm gonna email them, but I want to make sure I know what's what before I do.

    I look forward to your responses.
     
    Last edited: Jul 23, 2012
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That is very odd! I would stop using that SwissVPN setup immediately!

    While you're using a VPN, the ShieldsUP! test at https://www.grc.com/ should be probing the VPN's exit node, not your computer. VPN exit nodes are typically running Linux or BSD, so NetBIOS intrusion is not an issue. Ideally, all ports are stealthed. VPN exit nodes typically do respond to ping requests, and fail that part of the ShieldsUP! test.

    If ShieldsUP! is reporting that ports 135, 139 and 554 are open, and that your computer and network names are visible, it seems that SwissVPN is configured to forward all open ports. That's very unusual. Some VPNs allow you to forward ports for torrenting, but not NetBIOS etc ports.

    If you like, you can post the VPN connection log, with IP addresses etc redacted.
     
  3. mike70sk

    mike70sk Registered Member

    Joined:
    Jul 23, 2012
    Posts:
    36
    Location:
    Canada
    Hi, thanks for responding. Last night I reinstalled Windows 7, so i would have to much of log

    Do you think that with the ports open I was hacked?

    When I run GRC it does show the Swiss IP, but then it knows my computer name.

    Sorry for the newbie question, but how do I go about posting the VPN connection log, with IP addresses etc. redacted?
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Reading SwissVPN's FAQ (http://www.swissvpn.net/index.php?cot=faq) I see this:

    Maybe SwissVPN does leave ports open by default. I've never seen that before, and I've used several VPN services. Perhaps someone else can comment on that.

    :)

    At this point, it probably wouldn't hurt to connect one more time to get the connection log ;)

    If you reinstalled Windows, however, your SwissVPN connection may not be configured the same way.

    I could only guess. At this point, I doubt it.

    That's what I'd expect if your ports were forwarded.

    What connection type do you have: PPTP, OpenVPN, SSTP or L2TP?

    There should be an option in the VPN client for viewing the connection log. You want to redact any number that looks like "123.456.789.123". You can just paste the file into a reply here, with code tags around it.
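
An added example, not part of the original thread: one way to do the redaction described above before pasting a connection log between CODE tags. The log lines are constructed, and `LogRedactor`, `forum_post` and the `LAN`/`WAN`/`ADDR` placeholder names are assumptions of this example.

```python
import ipaddress
import re

# Ranges that stay on the local side of a connection; every other valid
# address is treated as public (ISP address, VPN server, DNS resolver).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Dotted quads that are not part of a longer dotted number such as 1.2.3.4.5.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\.?\d)")
# Runs of hex digits and colons; ipaddress decides whether one is really IPv6,
# so timestamps like 20:01:13 are left alone.
IPV6_RE = re.compile(r"(?<![\w:])[0-9A-Fa-f:]*:[0-9A-Fa-f:]*(?![\w:])")


class LogRedactor:
    """Replaces each address with a stable placeholder ([WAN-1], [LAN-2], ...)
    so readers can still follow which lines refer to the same host."""

    def __init__(self):
        self.mapping = {}  # real value -> placeholder; keep this private
        self._count = {"LAN": 0, "WAN": 0, "ADDR": 0}

    def _placeholder(self, key, kind):
        if key not in self.mapping:
            self._count[kind] += 1
            self.mapping[key] = "[%s-%d]" % (kind, self._count[kind])
        return self.mapping[key]

    def _sub(self, match, redact_invalid):
        text = match.group(0)
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            # "123.456.789.123" is not a valid address but still looks like
            # one, so dotted quads are redacted anyway; other tokens are kept.
            return self._placeholder(text, "ADDR") if redact_invalid else text
        kind = "LAN" if any(addr in net for net in LOCAL_NETS) else "WAN"
        return self._placeholder(str(addr), kind)

    def redact(self, log_text):
        out = IPV4_RE.sub(lambda m: self._sub(m, True), log_text)
        return IPV6_RE.sub(lambda m: self._sub(m, False), out)


def forum_post(log_text):
    """Returns the redacted log wrapped in CODE tags, ready to paste."""
    return "[CODE]\n" + LogRedactor().redact(log_text).rstrip("\n") + "\n[/CODE]"


# Constructed OpenVPN-style log lines (documentation-range addresses).
SAMPLE_LOG = """\
Mon Jul 23 20:01:13 2012 UDPv4 link remote: 198.51.100.7:1194
Mon Jul 23 20:01:14 2012 UDPv6 link local: [2001:db8::5]:1194
Mon Jul 23 20:01:15 2012 [server] Peer Connection Initiated with 198.51.100.7:1194
Mon Jul 23 20:01:17 2012 PUSH_REPLY,dhcp-option DNS 10.8.0.1,ifconfig 10.8.0.6 10.8.0.5
Mon Jul 23 20:01:17 2012 route ADD 198.51.100.7 via 192.168.1.1
Mon Jul 23 20:01:18 2012 Initialization Sequence Completed
"""

if __name__ == "__main__":
    print(forum_post(SAMPLE_LOG))
```

Because the same address always gets the same placeholder, a reader can still see that the peer in the third line is the server from the first.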
     
  5. mike70sk

    mike70sk Registered Member

    Joined:
    Jul 23, 2012
    Posts:
    36
    Location:
    Canada
    Hi, I normally use SSTP, but I changed to PPTP to see if it would get the same result, and it did. Firewall off and on, same result.

    I don't use a client; it's just configured in Windows 7.

    I emailed them and will post their response when I get it.

    I like using SwissVPN; it's cheap and it's fast for P2P. Switzerland has very tough privacy laws. They do log but won't hand it over unless the Swiss department of justice demands it. Switzerland is not in the EU and not subject to their laws. In Switzerland piracy is legal for personal use, after they had a study showing piracy has no effect on the entertainment industry.

    It would be a shame to give that all up, but I can't have open ports like that!
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    You might want to try using the OpenVPN option. I've never seen open ports like that in an OpenVPN-based service. But I've also never used SwissVPN, so that's just a guess.
     
  7. mike70sk

    mike70sk Registered Member

    Joined:
    Jul 23, 2012
    Posts:
    36
    Location:
    Canada
    For all that's interested, here is my email correspondence with SwissVPN:


    Hello,

    > I have been using SwissVPN for about 6 months now. Yesterday I did
    > an online port scan at http://www.grc.com/x/ne.dll?rh1dkyd2. When
    > my VPN was off there were no problems.
    >
    > But when the VPN was turned on (with and without the firewall) I was
    > astonished to see that it knew the name of my PC and my home network
    > name, and that it accepted an anonymous connection from another machine.
    > It also said to "unbind" the "File and Printer Sharing".
    >
    > So I ran the full scan, and port 135 (DCOM Service Control Manager) and
    > port 139 (netbios-ssn) are open, as well as 554 (Real Time Stream
    > Control Protocol).
    >
    > It's my understanding that NetBIOS is what hackers use to get into
    > your system.
    >
    > I have a few questions.
    >
    > Is this normal, do all users of SwissVPN have ports 135, 139 and 554
    > open?

    Open ports are related to the set up of your PC which means your PC firewall
    is open and there is a program (listener) active on these ports. You either
    close the ports through a firewall or shut down the listening program.

    > Is it possible somebody has already hacked into my computer and added
    > and removed files?

    Can't say from here, but it surely is possible. Only a more detailed check of
    your PC can tell.

    > Is there a way for me to close these ports via windows firewall or my
    > router without affecting performance of my vpn.

    Yes, should be possible.

    > Is it possible swissvpn can close them?

    You can use the Firewall version of SwissVPN which by default is blocking all
    incoming traffic.

    However it is normal to have open ports. Without certain ports open your PC
    would not work properly on network environments, so it's not a vulnerability
    by default but can be if additional things happen. E.g. an open NetBIOS port
    allows you to e.g. share files on a local network, which is not a problem as
    long as your PC uses an appropriate login setup. Not using such a login setup
    opens your PC to the world, which certainly is not a good idea.

    So this is a complex issue and you should consider looking for specialized
    help.

    Using SwissVPN firewall version at least makes sure that you cannot be
    contacted from the Internet on network level (but may inhibit proper working
    of torrent or other communication based programs unless you open certain
    ports again)

    --

    Kind Regards


    New email:
    I have the SwissVPN firewall on and those ports 135, 139 and 554 were open. I
    never opened them, and if SwissVPN never opened them maybe my computer has
    been compromised.

    I do have it set to open a port for BitTorrent speed, but it's not any of the
    above ports.

    Please advise
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    SwissVPN's answer is consistent with what I've read on their website. But I'm puzzled. I've used several VPNs. Most don't even allow open ports to be forwarded to the exit node. Some do allow that, such as BolehVPN and Mullvad, but you need to set it up. However, my experience is limited to OpenVPN, so what you're seeing may be normal for SSTP and PPTP. Either way, it's not good.
     
  9. mike70sk

    mike70sk Registered Member

    Joined:
    Jul 23, 2012
    Posts:
    36
    Location:
    Canada
    They emailed me again and said it was because my firewall was turned off on my account. It's true the firewall is off on my account; that's because I changed it to off to test it both ways. I turned it back on, ran the scan, and the same 3 ports were on.

    I did not change anything in Windows Firewall, plus I reloaded Windows, which should have changed it back to normal. They claim they shouldn't be open. So does this mean I was hacked? If so, what should I do: change my banking and other passwords and scrub my drives, or at least scrub the free space? I use the program File Shredder to erase, but it works so fast I wonder if it actually does anything. Does Eraser work with SATA drives now? should i

    I could try the free OpenVPN with SwissVPN. Does this client have an option to close your internet connection if you lose connection with the VPN?
    Also, can anyone recommend another VPN, if possible one that has a test account and/or a small trial period?

    OK, I closed the ports in Windows Firewall. Now it still shows my name and home network, but the ports are stealth with and without their firewall. But it does add:

    Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

    Is that good enough, or should I block the firewall ports as well?



    thanks again for reading all this
     
    Last edited: Jul 24, 2012
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Reading their website, it doesn't seem like you can just turn their firewall off and on. They say that you need to extend your subscription to add the firewall. But maybe I didn't read the right stuff.

    Windows does tend to open ports. And you said that you had enabled file sharing.

    But the point is that these open ports should not be visible through a VPN unless explicitly configured. You shouldn't need to firewall your VPN to prevent port forwarding. At least, that's been my experience with OpenVPN.

    From what you've said, it sounds like you opened the ports on your Windows machine in order to enable file sharing etc. What's odd isn't the fact that the ports are open, but rather that they're accessible through the VPN.

    It might mean that somebody messed with your SwissVPN setup. But that seems unlikely.

    Even so, it's probably wise to assume the worst. Use an Ubuntu LiveCD for everything. Change all of your online passwords. Copy all of your data files to clean USB drives, in duplicate. Use dd to fill your drives with zeros. Then reinstall Windows, and copy your data files back.

    Don't bother.

    Don't bother. The problem is how SwissVPN is set up.

    If you want to stay with SwissVPN, check out their OpenVPN option. Or switch to another VPN. How to prevent VPN leaks on Windows is discussed in other threads.

    BolehVPN and Mullvad are both good for torrenting. iVPN is good if you want better anonymity. I also like Insorg, but Western Reserve is the only payment option outside Russia.

    :)
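
An added example, not part of the original thread: a local check for the distinction drawn in this exchange, between a port that merely has a listener and one that answers on the VPN adapter. It parses constructed `netstat -ano` output; the adapter addresses, PIDs and function names are assumptions, and it reports listeners only, not what Windows Firewall or the provider filters in front of them.

```python
import ipaddress

# Ports the ShieldsUP! scan in this thread reported as open.
WATCHED = {135: "DCOM Service Control Manager", 139: "netbios-ssn",
           554: "Real Time Stream Control Protocol"}

# Constructed `netstat -ano` output from a Windows PC with a LAN adapter
# (192.168.1.10) and a VPN adapter holding a routable address (203.0.113.45).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       720
  TCP    0.0.0.0:554            0.0.0.0:0              LISTENING       2988
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1640
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    203.0.113.45:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49201     198.51.100.7:443       ESTABLISHED     3120
  TCP    [::]:135               [::]:0                 LISTENING       720
"""


def parse_listeners(netstat_text):
    """Returns (bind_address, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        listeners.append((ipaddress.ip_address(host), int(port), int(fields[4])))
    return listeners


def reachable_on(listeners, adapter_ip, ports=WATCHED):
    """Maps each watched port to the (bind address, pid) pairs that accept
    connections arriving on the adapter that owns adapter_ip."""
    adapter = ipaddress.ip_address(adapter_ip)
    report = {}
    for bind, port, pid in listeners:
        # 0.0.0.0 and :: mean "every interface", which includes a VPN adapter
        # as soon as it comes up; a specific bind answers only on that address.
        if port in ports and (bind.is_unspecified or bind == adapter):
            report.setdefault(port, []).append((str(bind), pid))
    return report


if __name__ == "__main__":
    found = reachable_on(parse_listeners(SAMPLE_NETSTAT), "203.0.113.45")
    for port in sorted(found):
        for bind, pid in found[port]:
            print("port %d (%s): bound to %s, PID %d"
                  % (port, WATCHED[port], bind, pid))
```

The PID column identifies the listening program, which is what has to be firewalled or stopped for the port to close.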
     
  11. mike70sk

    mike70sk Registered Member

    Joined:
    Jul 23, 2012
    Posts:
    36
    Location:
    Canada
    Hi again

    When you mentioned my media server it got me thinking that when I reloaded Windows I did not set up the media server, and it still got the open ports when using the VPN (not open when normal).

    So what I did is I disabled Windows Firewall totally and ran ShieldsUP!. Everything was fine when normal, but when the VPN was on (with and without the firewall; you can disable/enable it in your account if you paid for it) the ports were all open again!! So either their system is messed up or they're spying on me.

    Do Not Purchase SwissVpn

    I'm not even gonna bother trying their OpenVPN. I have a couple of weeks left but I'm never using SwissVPN again.

    The scan said that it could connect and get my computer name, but it said it could not find any active shares. Would you say the chance I got hacked is pretty slight?

    I have my internal hard drive and 2 external ones, and I'm full up with media and do not have anywhere else to move files around.

    Can I just scrub the free space? Can you recommend a program to do that?

    Is there a program for me to search for files, ones deleted but also ones on the hard drive, in case I was hacked and some file is on there?

    I am looking into your recommendations for VPNs. I see that some have servers in Canada and the USA. Does that mean it would be faster to connect to those servers for torrenting, and if I use the overseas ones it will be slower?

    I'm a little leery about servers in Canada and the States. I know most claim not to log, but there have been cases where VPNs claimed not to log but did, and kept them and gave them away, either to get money for entertainment parasites or to lessen any charges they face.

    swissvpn promises a safe surf, but as it turns out it has been anything but!

    once again my thanks :)

    OK, I'm trying Mullvad. The only port open is 22 (SSH Remote Login Protocol). Am I correct to assume it's just a connection for the VPN and is safe?
    It's much faster than SwissVPN. One thing I don't understand is it says:

    What is Exclude Swedish traffic?

    Traffic to Swedish destinations is routed outside the tunnel to better deal with the Swedish FRA surveillance system from inside Sweden. Don't use it unless you know you need to. It's left unticked by default. Am I supposed to tick it to exclude it or leave it alone? Based on what I read I think I'm supposed to tick it to exclude. I did notice that the CPU went up from 25 percent and 50 percent, making the fan go crazy, and the computer is in the bedroom.

    Got a week trial of BolehVPN, also very fast, port test 100 percent stealth.
     
    Last edited: Jul 25, 2012
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Windows opens a few ports by default. It depends on what you selected during setup.

    That is strange.

    Others have complained about them on Wilders etc, for various reasons.

    That would be a useful test, but it's obviously your choice.

    Unless you have other reason to be suspicious, the risk is probably slight. You could run a network sniffer, and look for suspicious traffic through the VPN tunnel.

    It would be wise to have backups, in any case. But it's up to you.

    I wouldn't bother.

    Unless you know what you're doing, I don't see the point.

    They have servers in the USA because people want to stream Hulu etc. I'm not sure about Canada.

    I wouldn't use them unless you need to for some reason.

    SwissVPN doesn't have a good reputation.

    :)

    It's been a while since I used Mullvad. Port 22 seems odd. I'd have expected 80, 443 or 1194.

    That's only relevant if you're in Sweden.

    Don't tick it.

    Crypto computation takes some work.

    They're good people.
     
  13. mike70sk

    mike70sk Registered Member

    Joined:
    Jul 23, 2012
    Posts:
    36
    Location:
    Canada
    Hi, I've been trying out BolehVPN. The first day was great; I was maxing out my connection, getting 1200kbs on big BitTorrent files. I also like the US server because I could listen to Pandora.

    The next day my speed had gone down to less than dial-up. They said my configuration was messed up and want me to email them my password and login and to give them remote access to my computer. Is this advisable? o_O


    Their post:

    Looks like a misconfiguration of some sort. Maybe we can arrange a Teamviewer session?

    You can obtain Teamviewer here: http://www.teamviewer.com/en/download/index.aspx

    I would really like to keep them if the service can get back to day one, but I'm unsure what to do.
     
  14. Phractal

    Phractal Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    15
    Personally I would never let anyone view my system, especially when I am using BitTorrent.

    I would strongly advise to get them to help you via email, but that's just paranoid me ;)
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I agree with Phractal.

    You could post the OpenVPN connection log here, with IP addresses redacted. Use CODE tags.
     
  16. mike70sk

    mike70sk Registered Member

    Joined:
    Jul 23, 2012
    Posts:
    36
    Location:
    Canada
    Yeah, thanks, you guys confirmed what I thought, that it was not a good idea. If they can't get it working through email/chat/message board I will have to find another provider.

    I like the fact I can listen to Pandora on it. Maybe I'll go back to Mullvad for torrenting, but I can't have a USA proxy. Are there any inexpensive proxies out there, like 3 bucks a month or something? All I can find is free ones that don't work or ones where they want more than what a VPN costs.
     
    Last edited: Jul 27, 2012
  17. mike70sk

    mike70sk Registered Member

    Joined:
    Jul 23, 2012
    Posts:
    36
    Location:
    Canada
    I just want to update that I was able to resolve the issue with BolehVPN without the need of remote assistance. So far I'm liking it: fast downloading for torrents, and US and UK servers to watch streaming media.
    I guess SwissVPN's screw-up was a good thing after getting the recommendation on the board for BolehVPN.

    I noticed that on most servers port 22 (SSH Remote Login Protocol) was wide open. I think it's something between the server and my computer, and it's safe?

    Also, on some servers I get the following message:

    No return dns Many Internet connection IP addresses are associated with a DNS machine name. (But yours is not.) The presence of "Reverse DNS", which allows the machine name to be retrieved from the IP address, can represent a privacy and possible security concern for Internet consumers since it may uniquely and persistently identify your Internet account — and therefore you — and may disclose other information, such as your geographic location.

    I'm not sure what that means. I know you can use the DNS from BolehVPN; should I do that?
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Cool :)

    I'm quite appalled by SwissVPN's responses to you, FWIW.

    I don't see that with my VPNs. Maybe other BolehVPN users can comment.

    That's from GRC's ShieldsUP!, right? That just means that grc.com didn't find an alphanumeric hostname for the VPN exit server. DNS lookup is going from hostname (e.g., grc.com) to IP address (e.g., 4.79.142.200). Reverse DNS lookup is going from IP address to hostname. All that has nothing to do with what DNS server(s) you're using for your DNS lookups.
     
  19. mike70sk

    mike70sk Registered Member

    Joined:
    Jul 23, 2012
    Posts:
    36
    Location:
    Canada
    Thanks for the quick reply. Yes, that was from GRC, so I assume it's OK to keep the same DNS? Or would there be other advantages to using their DNS? If you're not seeing port 22, maybe I should close it in my router; hopefully that wouldn't affect the use of the VPN.
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Please run https://www.grc.com/dns/dns.htm

    What DNS servers do you see? BolehVPN's? Your ISP's?
     
  21. mike70sk

    mike70sk Registered Member

    Joined:
    Jul 23, 2012
    Posts:
    36
    Location:
    Canada
    OK, so I ran the test: 3 servers found, 1928 queries received, Anti-Spoofing Safety: Excellent on all 3 servers.

    One server was called b.root.lu and the other 2 servers were my ISP's.
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That's not good. VPNs should be set up to use their own DNS servers, or others that aren't associated with you (Comodo, OpenDNS or whatever). What OS do you use? Are you using BolehVPN's client? Or OpenVPN? Or?
     
  23. mike70sk

    mike70sk Registered Member

    Joined:
    Jul 23, 2012
    Posts:
    36
    Location:
    Canada
    I'm using their client. There was some mention that you could use their DNS, so I think I could just input their DNS number? Using Windows 7 Ultimate. Or is Google's DNS an option, or OpenDNS? I just remembered I downloaded this RSS feeder called Miro, and iTunes as well, then I uninstalled them. I think Miro may have opened port 22 and not closed it after the uninstall. OK, I removed the rules for the programs in Windows Firewall and even restored Windows Firewall to defaults, and I'm still getting 22 open when I scan with the VPN. When I scan with no VPN it's stealth.
     
    Last edited: Aug 4, 2012
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I don't have an active BolehVPN account, so I can't check. And I didn't use their client, in any case. Maybe another BolehVPN user can check for open ports.

    I recommend using either BolehVPN's DNS server, or OpenDNS.
     
  25. mike70sk

    mike70sk Registered Member

    Joined:
    Jul 23, 2012
    Posts:
    36
    Location:
    Canada
    Does the result of the DNS test mean that, when I'm downloading with uTorrent, my real IP could be revealed to other users, like the ones that log it for the entertainment industry? o_O

    I have 4 days left on my account. I wonder if BolehVPN puts more concern on fast downloads and less on security. Are there any other VPNs anyone on the board can recommend, that would have safe, fast uTorrent on a server not in Canada or the USA, and a USA media streaming option?
     